Malicious botnets responsible for 40% of global login attempts

Prime examples of targets hackers have been exploiting are the GoAhead embedded HTTP server that leads to 700,000 potential targets, and the Oracle WebLogic Server.

In the fourth quarter of 2017, a spike in the use of botnets for credential abuse was noted as 7.3 trillion bot requests were analysed, revealing that 40 per cent of login attempts had been malicious.

Remote code execution vulnerabilities particularly in enterprise-level software have also proved a favourable target for attackers recently, looking to enslave the systems as part of botnets.

Prime examples of targets hackers have been exploiting are the GoAhead embedded HTTP server that leads to 700,000 potential targets, and the Oracle WebLogic Server.

In addition to these findings revealed in the Q4 2017 Akamai State of The Internet / Security Report, a growing trend of attackers installing crypto mining programs onto their targets, a process made easier by the widespread Spectre and Meltdown vulnerabilities.

“A key motive of attackers has always been financial profit. In the past few years, we have seen adversaries move to more direct methods to achieve that goal such as ransomware,” said Martin McKeay, senior security advocate and senior editor, State of the Internet / Security Report. “Crypto mining offers attackers the most direct avenue to monetise efforts by putting money immediately into their cryptowallets.”

The industry hit hardest by fraudulent credential attacks was found to be hospitality, with 82 per cent of login attempts in this space proving to be malicious. Another important finding from the report was a spike in DDoS attacks on the financial services industry.

“Increased automation and data mining have caused a massive flood of bot traffic to impact websites and Internet services. Although most of that traffic is useful for Internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains,” said McKeay. “Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots. Not all web traffic and not all bots are created equal.”